Add bandit

AlexTereshenkov · Sep 25, 2023 · f916274 · f916274
1 parent 4c5f5c5
commit f916274
Show file tree

Hide file tree

Showing 4 changed files with 450 additions and 1 deletion.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,13 @@
+fail_fast: false
+repos:
+  - repo: local
+    hooks:
+      - id: pants-lint
+        name: pants lint
+        always_run: false
+        description: runs pants --no-dynamic-ui lint on python files
+        entry: pants --changed-since=HEAD --changed-dependents=transitive lint
+        language: system
+        verbose: true
+        pass_filenames: false
+        types: [file, python]
diff --git a/pants.toml b/pants.toml
@@ -1,5 +1,5 @@
 [GLOBAL]
-pants_version = "2.16.0"
+pants_version = "2.17.0"
 ignore_warnings = [
   '$regex$DEPRECATED',
 ]
@@ -9,6 +9,7 @@ backend_packages = [
   "pants.backend.shell",
   "pants.backend.python",
   "pants.backend.python.lint.black",
+  "pants.backend.python.lint.bandit",
   "pants.backend.python.lint.flake8",
   "pants.backend.python.lint.docformatter",
   "pants.backend.python.lint.isort",
@@ -92,3 +93,9 @@ args = ["-v", "--vcr-record=none"]
 
 [tailor]
 ignore_paths = ["requirements/BUILD"]
+
+[bandit]
+version = "bandit[toml]>=1.7.0,<1.8"
+args = "--quiet"
+config = "./pyproject.toml"
+lockfile = "requirements/bandit.lock"
diff --git a/pyproject.toml b/pyproject.toml
@@ -8,3 +8,6 @@ ignore_missing_imports = true
 profile = "black"
 line_length = 88
 known_first_party = ["internal_plugins", "cheeseshop"]
+
+[tool.bandit]
+skips = ["B101"]